Slot: observation_point_id
The normalized identifier of the observation point. See specific usage.
URI: ocsf:observation_point_id
Alias: observation_point_id
Applicable Classes
| Name |
Description |
Modifies Slot |
| HttpActivity |
HTTP Activity events report HTTP connection and traffic information |
no |
| NtpActivity |
The Network Time Protocol (NTP) Activity events report instances of remote |
no |
| NetworkFileActivity |
Network File Activity events report file activities traversing the network, |
no |
| DnsActivity |
DNS Activity events report DNS queries and answers as seen on the network |
no |
| SmbActivity |
Server Message Block (SMB) Protocol Activity events report client/server |
no |
| SshActivity |
SSH Activity events report remote client connections to a server using the |
no |
| RdpActivity |
Remote Desktop Protocol (RDP) Activity events report post-authentication remo... |
no |
| NetworkEvent |
Network event is a generic event that defines a set of attributes available i... |
yes |
| TunnelActivity |
Tunnel Activity events report secure tunnel establishment (such as VPN), |
no |
| FtpActivity |
File Transfer Protocol (FTP) Activity events report file transfers between a |
no |
| NetworkActivity |
Network Activity events report network connection and traffic activity |
no |
| DhcpActivity |
DHCP Activity events report MAC to IP assignment via DHCP from a client or |
no |
Properties
Type and Range
Cardinality and Requirements
Aliases
Annotations
| property |
value |
| sibling |
observation_point |
Schema Source
Mappings
| Mapping Type |
Mapped Value |
| self |
ocsf:observation_point_id |
| native |
ocsf:observation_point_id |
LinkML Source
name: observation_point_id
annotations:
sibling:
tag: sibling
value: observation_point
description: The normalized identifier of the observation point. See specific usage.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Observation Point ID
rank: 1000
alias: observation_point_id
domain_of:
- NetworkEvent
range: ObservationPointIdEnum